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( 54) Safeguarding hard drive tlata 

(57) The computer has a security potion which arranges that the computer may only be initialized if a correct 
password is supplied and if the hard drive is the same as that which was originally installed together with the 
security portion. The methods for installing and removing the security portion involve the manipulation of the 
boot code on the hard drive. The security portion can inhibit disk control commands from writing to the boot 
sector on the hard disk to guard against circumvention of the security system. 
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WTttSONAT. COM PTTTKH HAVINf^ SKCUMTY FUNCTION. 
pTTTRTTY MET WOD THEREFOR- SECURITY DEVICE 
INSTALLATION AND DE TACHMENT METHODS 

5 The present invention relates to a personal computer (PC), and more 

particularly, to a PC having a security function, a security method therefor, 
and methods of installing and detaching a security device in and from the PC. 

Currently, PC's are being used by many different kinds of people for 
10 various applications, some of which involve highly sensitive information. 
Thus, PC users have provided various measures for security of such 
information. 

A typical PC security method comprises three tasks: first, a task of 
15 preventing an unauthorized user from booting the PC; second, a task of 
preventing the usage of input devices such as a keyboard or mouse; and third, 
a task of preventing valuable information from being read and copied. 

The above security method generally requires a user to input a 
20 password for permitting die use of PC. However, if the password is revealed, 
the conventional PC protection function is useless. 

Furtiiermore, it is not difficult for an unauthorized user who doesn't 
know the password to find it on a hard disk. Thus, an unauthorized user can 
25 copy valuable information from Uie booted PC without permission, thereby 
exposing information. Also, even if the PC includes the security device, it 
may be detached from the PC by an unauthorized user and the hard disk 
thereof may be accessed to expose information. 
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I, U » aim of preferred embodiments of Ae present invention to 
p„vide . PC having . seomty portion wMch controls .ite boodng operadon 
using a password and protects the data of a hard disk. 

5 n is anod«r aim to provide a PC security method «.pplying a booting 

^ security function using a security portion having an EEPROM »Ki a 
boot sector of a hard disk and a security fimction therefor. 

U u stiU another aim to provide a med-od for instalUng the security 
10 portion in the PC. 

It is stiU yet a.K«her aim to provide a method of detaching the security 
portion from the PC- 

,5 Acconling to an aspect of the preseM im«ntion. there is provided a 

personal computer having a security function comprising: an input/output »M 
memory porUon for inputting, outputting and storing a password; a hard drsk 
for storing the password and a boot sector without partition, which is booted 
in response to a booting permission signal; a security program storing portion 
20 for generating the booting permission signal according to whether the 
p«sword is valid and d« hard disk is the hard disk imtiaUy installed in the 
system in response to an imtializing signal, having a boot sector program with 
partition, and storing ihc password, and a boot sector protection program for 
protecting the boot sector of flte hanJ disk; security portion for processing ti« 
boot sector protection program and for performing both read and wnte 
operations, having the security program storing portion; and a cenU^ 
controller for controlUng the hard disk, the input/output and memory portion, 
and the security portion, and for generating the initialiring signal when power 
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is turned on, wherein the hani disk is booted in response to whether the 
security portion exists and whether the security portion is the initiaUy instaUed 
security portion. 

5 Acconiing to another aspect of the present invention, there is provided 

a security metfjod for a personal computer including a hard disk and security 
portion for storing various security programs for the personal computer, in 
which the booting of the personal computer is controUed and the boot sector 
of the hard disk is protected, the security programs including a booting 

10 control program and a boot sector protection program, wherein the 
booting control program is executed dirough the steps of: (a) preventing the 
booting of the personal computer if a password input by a user is not valid; 
(b) terminating the booting of the personal computer if the security portion is 
detached; (c) controlling the input/output of data to/from the hard disk by 

15 using the security portion if tiie security portion is die same as that initially 
installed together with the hard disk; and (d) booting die hard disk. 
Preferably, U»e boot sector protection program is executed tiirough die steps 
of: (a') determining whetiter die disk to be used is die hard disk of the 
personal computer if a disk control command is input from the user; (b') 

20 determining wheUier die disk control command is for reading information 
from the boot sector if die disk is determined to be die original hard disk of 
die personal computer; (c') outputting die content of die boot sector stored in 
die security portion if it is determined in die step (b') diat die disk control 
command is for reading; (d') determining whedier die disk control command 

25 if for writing information in die boot sector if it is determined in die step (b') 
diat die disk control command is not for reading; (e') performing an original 
disk interrupt operation of die personal computer to complete die process 
required from die disk control command if die disk control command is not 
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for writing or if it is determined in the step (a') that the disk is not the 
original hard disk of the personal computer; and (f ) completing the process 
required from the disk control command if the disk control command is for 
writing. 

5 

Said security means may be an EEPROM. 

Preferably, said step (a) comprises the sub-steps of: 

10 requesting a user of the personal computer to input the password if said 

security means is initialized; and 

continuously requesting the user of tiie personal computer to input the 
password if the input password is not valid. 

15 Said step (b) preferably comprises the sub-steps of: 

determining whether said security means is the same as that initially 
installed in the personal computer and said hard disk is the same as that 
initially installed in the personal computer if tiie password is valid; 
20 terminating the operation of tiie personal computer so as to prevent said 

hard disk from being booted if said security means and said hard disk is not 
the same as tiiose initially installed in tiie personal computer; and 

selecting a partition of said hard disk in accordance witii the password 
if said security means and said hard disk are the same as tiiose initially 
25 installed in the personal computer. 



According to still another aspect of tiie present invention, there is 
provided a method of installing security portion in a personal computer for 
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security of the personal computer, comprising the steps of: connecting the 
security portion to a hard disk and a central controller of the personal 
computer; storing an original booting data of a boot sector of the hard disk in 
a special file; installing a new booting data in the boot sector; copying the 
new booting data installed in the boot sector in the security portion; removing 
only a partition from the new booting data so as to prevent the personal 
computer from being used without the security portion; and registering a 
password and an identification number of the personal computer in the hard 
disk and the security portion. 



According to still yet another aspect of the present invention, there is 
provided a method of detaching security portion from a personal computer for 
security of die personal computer, wherein die method is performed by 
installing again an original booting data stored as a special file in the boot 
15 sector of the personal computer and removing Uie password, by only an 
authorized user. 

For a better understanding of the invention, and to show how 
embodiments of the same may be carried into effect, reference will now be 
20 made, by way of example, to tfie accompanying diagrammatic drawings, in 
which: 

Figure 1 is a block diagram of a PC having a security function 
according to an embodiment of the present invention; 



Figure 2 is a flowchart illustrating a general booting procedure of a 

PC; 
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Figure 3 is a flowchart Ulustrating a method of controlling the booting 
of the PC; 

Figure 4 is a flowchart illustrating Step 42 of Figure 2; 

Figure 5 is a flowchart iUustrating a protection program for a boot 
sector of a hard disk, which is programmed in the EEPROM of a security 
portion; 

0 Figure 6A is a method for instalUng the security portion in the PC; and 

Figure 6B is a flowchart illustrating a method of detaching the security 
portion from fhe PC. 

As shown in Figure 1 , a PC having a security function according to an 
embodiment of the present invention is comprised of a central processing unit 
(CPU) 10. a hard disk 12, an input/output and memory device 16. a security 
program storing portion 20 and a security portion 18. 

20 The CPU 10 is for controlling the hard disk 12, the input/output and 

memory device 16. and the security portion 18. and for generating an 
initializing signal when power is turned on. The hard disk 12 stores a 
password and boot sector 14 without partition and is booted in response to a 
booting permission signal, based on whether or not tiie security portion 18 

25 exists, and whether or not it corresponds to the initially installed security 
portion 18. The input/output and memory device 16 is for storing a 
password, and the security program storing portion generates the booting 
permission signal in response to an initializing signal if the password is valid 
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and the hard disk 12 is the hard disk initiaUy instaUed in the system. Also, 
the security program storing portion stores a boot sector with partition, the 
password, a booting control program, a boot sector protection program for 
protecting the boot sector 14 of the hard disk 12. and partition information of 
5 the hard disk 12. The security portion 18 is able to perform both read and 
write operations and includes the security program storing portion 20 and 
processes the boot sector protection program. 

In the PC, the CPU 10, the hard disk 12 and the input/output and 
10 memory device 16 are connected to each other via a bus using corresponding 
adapters. 

According to the embodiment, a booting control program is stored in 
the boot sector 14 of the hard disk 12 and security programs are stored in the 

15 security program storing portion 20 which may b^ realized using an 
electrically erasable and programmable ROM (EEPROM). The bootmg 
control programs each stored in the boot sector 14 and the security program 
storing portion 20 execute a procedure for verifying each other for a perfect 
security. Here, if one program fails to verify the existence of the other 

20 program, the PC cannot be booted. 

The PC's microprocessor can read from and write to the EEPROM 20. 
Thus the EEPROM 20 can store the user's password, a copy of the boot 
sector 14 of the hard disk 12 and programs to be actively or passively 
25 performed for the security. Thus, even if an unauthorized user removes the 
security portion 18 from the PC and boots the hard disk 12 using another 
floppy diskette, it is impossible to use the PC since partiUon information of 
the hard disk 12 is stored only in the EEPROM 20. 
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A general booting procedure of the PC wiU be described with reference 
to Figure 2. 

When power is provided to the PC (Step 30). the PC performs a power 
on self-test (POST) for testing various internal elements and for an 
imtiaUzation (Step 32). The POST program for Step 32 is stored in a ROM 
of the input/output and memory device 16. After Step 32. the PC determines 
whether or not devices optionally installed in the PC by the user have a 
respective execution program in a predetermined range of addresses. If the 
execution program exists, it is determined whether or not tiie correspondmg 
device is initialized (Step 34). If the initialization is not performed, the 
corresponding device is initialized by the PC all over the predetermmed 
address range (Step 36). After the initializing programs have been performed, 
the PC starts to perform a booting procedure. After completely checking to 
see which devices have a boot program, it is determined whether a valid boot 
program exists in each device (Step 38). If the valid boot program does not 
exist, the PC performs a basic program stored in the ROM of the input/output 
and memory device 16 (Step 40). However, if the valid boot program exists, 
each valid boot program of the devices is executed (Step 42). 

The method of initializing the security portion 18. performed in Step 
36 of Figure 2. that is. a method of controlling the booting of the PC 
according to the present invention will be described with reference to Figure 
3. 

The PC requests a user to input a password (Step 50). Then, the 
initializing program stored in the hard disk 12 determines whether the 
password input from the user is valid (Step 52). Here, the password can be 
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stored wherever data can be written and read. That is, the password may be 
stored in the hard disk 12, the security program storing portion 20 of the 
security portion 18, a floppy diskette, a non-volatile memory, a terminal 
connected to die PC and/or a card reader. 

5 

In Steps 50 and 52, die password is continuously requested if the input 
password is not valid, so that the booting of the PC is held at a first security 
step. If it is determined that the password is valid in Step 52, the PC 
compares its own identification (ID) number of the security portion 18 with 

10 a corresponding ID number stored in the boot sector 14 of the hard disk 12 
for mutual authentication, to verify whether the PC is die same as die PC in 
which it was initially installed (Step 54). If the ID number of the security 
portion 18 does not match Uie ID number in the boot sector 14 or does not 
exist in the boot sector 14, the operation of the PC is terminated (Step 58). 

15 Steps 54 and 58 are the second security steps for preventing the installed 
security portion 18 from being detached from Uie PC, or die PC from being 
booted by another replaced hard disk. If die condition of Step 54 is satisfied, 
an allowable partition of the hard disk 12 is selected according to a password 
input by the user (Step 56). Then, die security portion 18 performs an 

20 intercepting operation at the occurrence of a disk I/O interrupt (Step 60). 
Step 56 is for preventing die data stored in die PC from being copied by an 
unauthorized user using an auxiliary memory device. 

Step 42 of Figure 2 will be described with reference to Figure 4 as 
25 follows. 

First, the CPU 10 checks to see whether the security portion 18 is 
installed in the PC (Step 72). If the security portion 18 has been removed 



- 10- 

from the PC, the operation of the PC is terminated (Step 88). Otherwise, it 
is determined whether a partition stored in the security program storing 
portion 20 of the security portion 18 is valid (Step 74). If the partition is not 
valid, the operation of tfie PC is terminated (Step 88). However, if tiie 
5 partition is valid, it is determined whetiier the partition is active or not (Step 
76). If a partition is valid but not active, it is tiien determined whetiier or not 
it is tiie last partition of tfie hard disk 12 (Step 78). 

Here, a partition able to read data and a partition having an operating 
10 system are named as "valid partition" and "active partition", respectively. 
For example, a hard disk may be divided into several drives. Here, 
supposing that the hard disk is divided into four drives, each drive 
corresponds to a partition, and C drive having tiie operating system 
corresponds to the active partition. 

15 

If the current partition is determined to be tiie last one. that is. if there 
is no active partition, a basic program is performed (Step 80). 

On the other hand, in Step 76, if tiie partition is active, tiie operating 
20 system is read Uierefrom (Step 82) and then it is determined whetiier or not 
tiie operating system is valid (Step 84). Here, if tfie operating system is not 
valid, tfie operation of tiie PC is terminated (Step 88). On the contrary, if the 
operating system is valid, control of tiie PC is transferred to tiie valid 
operating system (Step 86). 



25 



Figure 5 is a flowchart illustrating a procedure for processing the boot 
sector protection program stored in the EEPROM 20. That is. the procedure 
is for processing a disk input/output command in tiie execution of user's 
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commands by the operating system which gains a control right to the PC after 
the booking procedure is normally completed. 

If a disk control command is input from the user, a disk interrupt 

5 processing procedure stored in the EEPROM 20 is performed. First, the hard 
disk currenUy installed in the PC is examined to determine whether or not it 
is the original hard disk 12 installed in the PC (Step 90). If the disk is not the 
hard disk 12 of the PC, an "original disk" interrupt procedure initiated by the 
PC is performed (Step 98). Otherwise, if the disk is the hard disk 12 of the 

10 PC. it is determined whether or not the disk control command is for reading 
information from the boot sector (Step 92). If the condition of Step 92 is 
satisfied, the contents of the boot sector stored in the EEPROM 20 is output 
(Step 94). However, if it is determined that the disk control command is not 
for reading, it is determined whether or not it is for writing information to the 

15 boot sector (Step 96). Here, if it is determined that the disk control command 
is for writing, the disk control command is disregarded, thereby completing 
the boot sector protection program. On the contrary, if it is determined that 
the disk control command is not for writing, the original disk interrupt 
procedure initiated by the PC is performed (Step 98). thereby completing the 

20 boot sector protection program. 

The methods of installing and detaching the security portion 18 in and 
from the PC according to tiie present invention will be described with 
reference to Figures 6 A and 6B. 
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When the installation of the security portion 18 is initiated, an initial 
booting data stored in the boot sector 14 of the hard disk 12 installed in the 
original PC is stored in a special file (Step 100), and then a new booting data 
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file is stored in the boot sector 14 of the hard disk 12 for security (Step 102). 
Next, the contents of the newly installed booting data file in the boot sector 
14 of the hard disk 12 are copied in the EEPROM 20 (Step 104). After Step 
104, the partition of the boot sector 14 stored in the hard disk 12 is removed 
5 (Step 106) to prevent the system from being used without any security 
portion. Then, the password and the identification number of the PC are 
registered in the hard disk 12 and EEPROM 20 (Step 108), thereby 
completing the installation of the security portion 18. 

10 The detaching operation of the security portion 18 is permitted for only 

an authorized user. First, the special file having the initial booting data is 
installed in the boot sector 14 of the hard disk 12 to return the boot sector 14 
to the initial state (Step 110). Then, the password stored in the EEPROM 20 
is removed (Step 112), thereby completing the detaching operation of the 

15 security portion 18, 

As described above, according to the PC having a security fimction, the 
security method therefor, and methods of installing and detaching the security 
device of the present invention, the operation of the PC is controlled 
20 according to whether the security device exists. That is, if there is no security 
device, the operation of the PC is terminated. Also, even if the PC is booted 
by an unauthorized user using a floppy diskette, the hard disk cannot be used 
since the partition data of the hard disk is not included. Therefore, protection 
of the boot sector of the hard disk is accomplished. 

25 

The reader*s attention is directed to all papers and documents which are 
filed concurrently with or previous to this specification in connection with this 
application and which are open to public inspection with this specification, and 
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tt,e contents of aU auch papers and documents are incorporated herein by 

reference. 

AU Of the features disclosed in this specification Oncluding any 
accompanying claims, abstract and drawings), and/or all of U,e steps of any 
method or process so disclosed, may be combined in any combinauon, except 
combinations whete a. least some of such features and/or steps are muB^ally 

exclusive. 

Each feature disclosed in this specification (including any 
accompanying claims, ab«rac and drawings), may be replaced by alternative 
features serving the same, equivalent or simUar purpose, unless expressly 
stated otherwise. Thus, unless expressly stated otherwise, each feati.re 
disclosed is one example only of a genedc series of equivalent or s.mtlar 
features. 

The invention is not restricted to the details of the foregoing 
embodiment(s). The invention extends to any novel one. or any novel 
combination, of ti.e features disclosed in this specification (includtng any 
accompanying claims, abstract and drawings), or to any novel one, or 
novel combination, of the steps of any method or process so disclosed. 
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1. A personal computer having a security function comprising: 

an input/output and memory means for inputting, outputting and storing 
a password; 

a hard disk for storing the password and a boot sector without partition, 
which is booted in response to a booting permission signal; 

a security program storing means for generating the booting permission 
signal according to whether the password is valid and said hard disk is the 
hard disk initially installed in the system in response to an initializing signal, 
having a boot sector program with partition, and storing the password, and a 
boot sector protection program for protecting the boot sector of said hard 
disk; 

security means for processing the boot sector protection program and 
for performing both read and write operations, having said security program 

storing means; and 

a central controller for controlling said hard disk, said input/output and 
memory means, and said security means, and for generating the initializing 

signal when power is turned on, 

wherein said hard disk is booted in response to whether said security 
means exists and whether said security means is the initially installed security 
means. 

2. A security method for a personal computer including a hard disk and 
security means for storing various security programs for the personal 
computer, in which the booting of the personal computer is conu-olled and the 
boot sector of said hard disk is protected, said security programs including a 
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booting control program and a boot sector protection program, wherein said 
booting control program is executed through the steps of: 

(a) preventing thebooting of theperson^d computer if apassword input 

bv a user is not valid; . , 

(b) terminating ti« booting of .he personal computer tf sa.d secunty 

means is detached; . , . 

(0 controlling ti» input/output of data to/from said hard dtsK by 
said security means if said security means is the same as that imt^lly .nstalled 
together with said hard disk; and 

(d) booting said hard disk. 

3. A meti,od accorfing to claim 2. wherein said boo. sector protection 
program is executed ttirough the steps of: 

(a-) determining whether the disk to be used is the hard disk of ,he 
personal compu.er if a disk control command is input from ^ user; 

(bO determining whether fl« disk control command .s for readmg 
information from the boot sector if ^ disk is de^rmined to be ti.e ong>nal 
hard disk of the personal computer; 

(C-) outputting U.e contem of the boot sector stored in sa.d secunty 
„,eans if it is determined in said step (b') that the disk control command ,s for 

""'"'d-) determining wheti.er ti.e disk con«.l command if for writing 
information in the boot sector if it U determit^d in said step (b') ti,at the d.sk 
control command is not for reading; 

performing an original disk interrupt ope«tion of tite personal 
computer to complete the process re,uired from the disk control command .f 
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the disk control command is not for writing or if it is determined in said step 
(a^) that the disk is not the original hard disk of the personal computer; and 
(f) completing the process required from the disk control command if 
the disk control command is for writing. 

5 

4. A security method of a personal computer as claimed in claim 2 or 3, 
wherein said security means is an EEPROM. 

5. A security method of a personal computer as claimed in claim 2, 3 or 
10 4, wherein said step (a) comprises the sub-steps of: 

requesting a user of the personal computer to input the password if said 
security means is initialized; and 

15 continuously requesting the user of the personal computer to input the 

password if the input password is not valid. 

6. A security method of a personal computer as claimed in claim 2, 3, 4 
or 5, wherein said step (b) comprises the sub-steps of: 

20 

determining whether said security means is the same as that initially 
installed in the personal computer and said hard disk is the same as that 
initially installed in the personal computer if the password is valid; 

terminating the operation of the personal computer so as to prevent said 
25 hard disk from being booted if said security means and said hard disk is not 
the same as those initially installed in the personal computer; and 
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selecting a partition of said hard disk in accordance with the password 
if said security means and said hard disk are the same as those initially 
installed in the personal computer. 

7. A method of installing security means in a personal computer for 
security of the personal computer, comprising the steps of: 

connecting said security means to a hard disk and a central controller 

of the personal computer; 

storing an original booting data of a boot sector of said hard disk in a 

special file; 

installing a new booting data in said boot sector; 

copying the new booting data installed in said boot sector in said 

security means; 

removing only a partition from the new booting^data so as to prevent 
the personal computer from being used without said security means; and 

registering a password and an identification number of the personal 
computer in said hard disk and said security means. 

8. A method of detaching security means from a personal computer for 
security of the personal computer, wherein said method is performed by 
installing again an original booting data stored as a special file in the boot 
sector of the personal computer and removing the password, by only an 
authorized user. 

9. A personal computer having a security function, wherein the computer 
is substantially as herein described with reference to the accompanying 

drawings. 



10 A secunty n«a.od for . ,«r.o„al co^^ subsundaUy . herein 
described with reference to the accompanying drawings. 

„ A method of installing security means in a persona, computer. *e 
, lod\eins y a. Herein descri.«d with reference to the 

accompanying drawings. 

n A me.h«. of detaching seeding means from a pe«onal computer, the 
lod being substanualiy as herein described with reference to the 
10 accompanying drawings. 
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